D-Link patches critical vulnerabilities in popular wireless routers
Take action: If you are running DIR-X4860, DIR-X5460, or COVR-X1870 D-Link routers, update as soon as possible. These devices have at least one interface (the WAN side, facing the operator) exposed to an untrusted network, so an attacker will find the device. Patch and reset all default passwords.
Learn More
D-Link has released patches to address multiple critical vulnerabilities affecting three popular wireless router models: DIR-X4860, DIR-X5460, and COVR-X1870. These flaws, discovered in widely used WiFi 6 routers and mesh networking systems, could allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials.
D-Link has identified five vulnerabilities, three of which are rated as critical. The affected firmware versions are:
- COVR-X1870 (non-US): Versions v1.02 and below.
- DIR-X4860 (worldwide): Versions v1.04B04_Hot-Fix and older.
- DIR-X5460 (worldwide): Versions v1.11B01_Hot-Fix and older.
Critical Vulnerabilities
- CVE-2024-45694 (CVSS score 9.8) - A stack-based buffer overflow in the web service of the affected routers allows unauthenticated remote attackers to execute arbitrary code on the device.
- CVE-2024-45695 (CVSS score 9.8) - Another stack-based buffer overflow vulnerability, also in the web service, enables unauthenticated remote code execution.
- CVE-2024-45697 (CVSS score 9.8) - This vulnerability allows remote attackers to access the router using hardcoded credentials by exploiting a hidden feature that enables the telnet service when the WAN port is connected.
High Severity Vulnerabilities
- CVE-2024-45696 (CVSS score 8.8) - Attackers can enable the telnet service within the local network using hardcoded credentials by sending specific packets to the web service, which is only accessible locally.
- CVE-2024-45698 (CVSS score 8.8) - Improper input validation in the telnet service permits remote attackers to log in using hardcoded credentials and execute OS commands.
These vulnerabilities can be exploited remotely without requiring any user interaction. If exploited, attackers could gain complete control over affected routers, allowing them to intercept communications, deploy malware, or launch additional attacks on connected devices.
D-Link recommends that users immediately upgrade to the following firmware versions:
- COVR-X1870: Update to version v1.03B01 or later.
- DIR-X4860: Update to version v1.04B05 or later.
- DIR-X5460: Update to version v1.11B04 or later.
In addition to applying these updates, users should change any default passwords and disable unnecessary services to further secure their devices.
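For an administrator with more than one of these routers, the "and below" / "or later" wording above turns into a version comparison. The following added example (not D-Link's code, nor part of the advisory) parses D-Link firmware strings such as "v1.04B04_Hot-Fix" and flags which devices in a constructed inventory still sit below the fixed version; it assumes the number after "B" is an ordered build number and that the "_Hot-Fix" suffix does not change ordering.

```python
import re
from typing import Optional

# Fixed firmware versions from the advisory, keyed by model.
FIXED_VERSIONS = {
    "COVR-X1870": "v1.03B01",
    "DIR-X4860": "v1.04B05",
    "DIR-X5460": "v1.11B04",
}

# Matches "v1.02", "v1.04B05" and "v1.04B04_Hot-Fix".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:B(\d+))?(?:_Hot-Fix)?$", re.IGNORECASE)


def parse_version(version: str) -> tuple[int, int, int]:
    """Parse a D-Link firmware string into (major, minor, build).
    A missing build number (e.g. 'v1.02') is treated as build 0.
    Assumption: 'B' is an ordered build number and '_Hot-Fix' is ignored."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    major, minor, build = m.groups()
    return int(major), int(minor), int(build or 0)


def is_vulnerable(model: str, version: str) -> Optional[bool]:
    """True if the firmware is below the fixed version for that model,
    False if it is patched, None if the model is not in the advisory."""
    fixed = FIXED_VERSIONS.get(model.upper())
    if fixed is None:
        return None
    return parse_version(version) < parse_version(fixed)


def triage(inventory):
    """Return the (model, version) pairs that still need the update."""
    return [(m, v) for m, v in inventory if is_vulnerable(m, v)]


# Constructed sample inventory for illustration, not real device data.
SAMPLE_INVENTORY = [
    ("DIR-X4860", "v1.04B04_Hot-Fix"),
    ("DIR-X4860", "v1.04B05"),
    ("DIR-X5460", "v1.11B01_Hot-Fix"),
    ("COVR-X1870", "v1.02"),
    ("COVR-X1870", "v1.03B01"),
    ("DIR-X1560", "v1.04B04"),  # not covered by this advisory
]

if __name__ == "__main__":
    for model, version in triage(SAMPLE_INVENTORY):
        print(f"UPDATE NEEDED: {model} {version} -> {FIXED_VERSIONS[model]}")
```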
D-Link was informed of these vulnerabilities by the Taiwanese CERT (TWCERT) on June 24, but was not given the standard 90-day period to release patches before public disclosure.
According to D-Link, the third party disclosed the vulnerabilities before patches were available, potentially increasing risks to end-users. As of now, there is no evidence of these vulnerabilities being exploited in the wild, but given D-Link's frequent targeting by malware botnets, prompt updates are essential.